GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
52 advisories
Apache Superset has Improper Access Control
Severity: Moderate. CVE-2022-45438 was published for apache-superset (pip) on Jan 16, 2023.

Improper Access Control in MySQL Connector Python
Severity: High. CVE-2019-2435 was published for mysql-connector-python (pip) on May 13, 2022.

Bots using py-cord as Discord API wrapper are vulnerable to shutdowns through remote code execution
Severity: High. CVE-2022-36024 was published for py-cord (pip) on Aug 18, 2022.

Maltego incorrectly shares a MISP connection across users in a remote-transform use case
Severity: Critical. CVE-2020-12889 was published for MISP-maltego (pip) on May 24, 2022.

OpenStack Image Service (Glance) vulnerable to Improper Access Control
Severity: Moderate. CVE-2016-0757 was published for glance (pip) on May 17, 2022.

Zope allows attackers to modify raw image and file data
Severity: Moderate. CVE-2000-1212 was published for zope (pip) on Apr 30, 2022.

Zope does not properly restrict access to the getRoles method
Severity: High. CVE-2000-0725 was published for zope (pip) on Apr 30, 2022.

Improper Access Control in vantage6
Severity: Moderate. CVE-2023-41882 was published for vantage6 (pip) on Oct 13, 2023.

Privilege escalation via ApiTokensEndpoint
Severity: High. CVE-2023-39349 was published for sentry (pip) on Aug 8, 2023.

cross-site inclusion (XSSI) of files in jupyter-server
Severity: Moderate. CVE-2023-40170 was published for jupyter-server (pip) on Aug 29, 2023.

Apache Airflow Improper Access Control vulnerability
Severity: Moderate. CVE-2023-50783 was published for apache-airflow (pip) on Dec 21, 2023.

pyload Unauthenticated Flask Configuration Leakage vulnerability
Severity: High. CVE-2024-21644 was published for pyload-ng (pip) on Jan 8, 2024.

vantage6 has insecure SSH configuration for node and server containers
Severity: Moderate. CVE-2024-21653 was published for vantage6 (pip) on Jan 30, 2024.

MoinMoin vulnerable to privilege escalation
Severity: Moderate. CVE-2008-1937 was published for moin (pip) on May 1, 2022.

MoinMoin Access Restrictions Bypassed due to improper ACL enforcement
Severity: Moderate. CVE-2008-6603 was published for moin (pip) on May 17, 2022.

Zope does not properly verify the access for objects with proxy roles
Severity: High. CVE-2002-0170 was published for zope (pip) on Apr 30, 2022.

OpenStack Compute (Nova) Improper Access Control
Severity: Moderate. CVE-2015-2687 was published for nova (pip) on May 17, 2022.

OpenStack Identity Keystone Improper Access Control
Severity: Moderate. CVE-2016-4911 was published for keystone (pip) on May 17, 2022.

MLflow allows low privilege users to delete any artifact
Severity: Moderate. CVE-2024-4263 was published for mlflow (pip) on May 16, 2024.

vantage6 collaboration admins can extend their influence by expanding the collaboration
Severity: Low. CVE-2024-32969 was published for vantage6 (pip) on May 22, 2024.

litellm vulnerable to improper access control in team management
Severity: Moderate. CVE-2024-5710 was published for litellm (pip) on Jun 27, 2024.

ZenML Server Remote Privilege Escalation Vulnerability
Severity: Moderate. CVE-2024-25723 was published for zenml (pip) on Feb 27, 2024.

Authlib has algorithm confusion with asymmetric public keys
Severity: High. CVE-2024-37568 was published for authlib (pip) on Jun 9, 2024.

Borg Improper Access Control vulnerability
Severity: High. CVE-2017-15914 was published for borgbackup (pip) on May 13, 2022.

Incorrect Authorization in calibreweb
Severity: Moderate. CVE-2022-0273 was published for calibreweb (pip) on Jan 31, 2022.